Description: Upon each reboot, the permissions for the /Users and /Users/Shared directories would be set to world-writable, allowing modification of these directories. This issue was addressed with improved permission handling. For information on the general content of iTunes 11.2.1, see http://support.apple.com/kb/TS5434.

The text “A local user can compromise other local user accounts” struck me as interesting and at the core of why this change was made in the first place.
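A check for the condition the description names, as an added example that is not part of the original post or of Apple's fix. It reports whether each directory is world-writable and whether the sticky bit is set (without it, any local user can rename or delete entries that other users created). The function names and the temp-directory sample are constructed for illustration.

```python
import os
import stat
import tempfile

# Default targets are the two directories named in the advisory text.
DEFAULT_TARGETS = ("/Users", "/Users/Shared")

def classify(mode):
    """Classify a directory mode by its world-write and sticky bits."""
    if not mode & stat.S_IWOTH:
        return "ok"
    # With the sticky bit, anyone may create entries, but only the entry's
    # owner, the directory's owner or root may rename or delete them.
    if mode & stat.S_ISVTX:
        return "world-writable-sticky"
    return "world-writable-no-sticky"

def audit(paths=DEFAULT_TARGETS):
    """Return {path: (verdict, octal permission string or None)}."""
    results = {}
    for path in paths:
        try:
            st = os.lstat(path)  # lstat: a symlink swapped in is reported, not followed
        except FileNotFoundError:
            results[path] = ("missing", None)
            continue
        perms = oct(stat.S_IMODE(st.st_mode))
        if not stat.S_ISDIR(st.st_mode):
            results[path] = ("not-a-directory", perms)
        else:
            results[path] = (classify(st.st_mode), perms)
    return results

def demo():
    """Constructed sample: three temp directories with different modes."""
    base = tempfile.mkdtemp()
    modes = {"home_root": 0o755, "shared_sticky": 0o1777, "shared_open": 0o777}
    paths = []
    for name, mode in modes.items():
        p = os.path.join(base, name)
        os.mkdir(p)
        os.chmod(p, mode)  # chmod is not affected by the umask
        paths.append(p)
    return {os.path.basename(p): v for p, v in audit(paths).items()}

if __name__ == "__main__":
    for path, (verdict, perms) in audit().items():
        print(path, perms, verdict)
```

Because the description says the permissions were reset on each reboot, the check is only meaningful when run after a restart.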

Prof. Peabody

I don’t understand your last paragraph. As written, it implies that Apple made the user accounts insecure on purpose.

BOFH

When an iTunes update can mess with the /Users directory (and subdirectories), with some strange connection to the Find my Mac service (absolutely unrelated to iTunes), I’m worried. Something weird, very weird, happened with that update. Think again: how can the /Users directory attributes and Find my Mac be related to a f*cking iTunes update? That shouldn’t happen. Never.

http://tewha.net/ Steven Fisher

My guess is the bug was in iTunesLibrary.framework, which is probably used elsewhere (for instance, handling connected iPhones).

http://tewha.net/ Steven Fisher

Dave, you misunderstood. The description is the vulnerability that iTunes 11.2 added.